The push came during a televised House Industry committee meeting on Wednesday night. Simon Marchand, a certified fraud examiner at Nuance Communications — a commercial anti-identity fraud group — said there’s no current obligation for telecoms or banking companies to contact victims of identity theft, arguing that the individuals are left unable to take additional steps to protect themselves.

“You might have been the victim of identity theft within the telecom company and the fraud team might have been aware of this, but they don’t have the obligation to inform you as a consumer,” he said in French. “So we are totally blind, we have no idea where our identity has been used.”

Right now, Marchand said, there’s also no obligation for companies to reveal how many fraudulent accounts have been opened in a given year. He said if companies were required to provide this data, the federal government would have an understanding of how many victims there have been and, subsequently, would find themselves better equipped to address the issue with telecom companies and banks.

The data is already collected, he said — it just needs to be transferred to a government agency to be analyzed.

Marchand’s comments at the committee meeting Wednesday also touched on the cybersecurity concerns that have emerged during the coronavirus pandemic. There’s been a 600-per-cent increase of phishing attacks in the context of COVID-19, Marchand said. That information may not be used immediately, he warned, but legislators should be aware that it could be used at a later date — six, 12, or even 18 months from now — in order to steal assets or other information.

At a committee hearing in March, Canadian Radio-television and Telecommunications Commission chairperson Ian Scott said that STIR/SHAKEN works by authenticating and verifying a call in order to show consumers if a call is legitimate, or if it should be be treated with suspicion. At the hearing, telecom companies said they were on track to implement the system, but warned that it alone would do little to alert consumers to suspicious calls because it will only apply to calls within Canada initially and many fraudulent calls originate outside North America.

Jonathan Daniels, vice president of regulatory law for Bell Canada, said at the time that there’s “no rush” to implement the system — because few customers would actually stand to benefit, even if all telecoms turned them on tomorrow.

“So we’re going to take time to get it right,” Daniels said at the hearing. “But we’re all supportive of it, and we’re all turning it on in September.”

Marchand acknowledged the system is limited, particularly as it won’t apply to calls originating outside of Canada. But, he said Wednesday that eventually the net would expand beyond domestic calls to include the U.S. and other participating countries. While Canadian networks will not yet be able to deploy STIR/SHAKEN completely, he urged them to deploy it wherever possible.

The U.S. is implementing STIR/SHAKEN, he said — and if there were legislative gaps, he said, fraudsters could target Canada. The anti-spoofing protocol may not be the only solution, but he said that Canada can’t afford to skip over that layer of protections.